-
Looking at e.g. https://github.com/csaf-poc/csaf_distribution/blob/main/csaf/generate_cvss_enums.go, this will generate another file using the MIT License. Should generated files also use the Apache2.…
-
It seems the "strict" version of the schema might yield better results with respect to a Regex error in earlier versions of the JSON schema.
-
Currently, we use the standard go-http-lib user agent. However, to be able to better track the usage of the tool, we should use our own user-agent string, e.g., `" "`.
-
Currently, we can only check the conformance of a single PMD on a provider. When https://github.com/csaf-poc/csaf_distribution/pull/536 is implemented, we can use the new `Enumerate` function in the m…
-
We [currently support](https://docs.chainloop.dev/reference/operator/contract#material-schema) CSAF_VEX. This task aims to add support for [other profiles](https://docs.oasis-open.org/csaf/csaf/v2.0/c…
-
### Description
CSAF, or Common Security Advisory Framework, is a standardized format for documenting and sharing security advisories and vulnerabilities in an automated way. It provides a structured…
-
On a few code platforms, only one License is shown. This makes sense if the License that can be displayed is the one where all code parts under different licenses are combined and compatible.
For e…
-
To make debugging easier we should show some build information in the client. Therefore, we want to show a build number of the client (#19) and the backend (#20) in the client. One possible place to d…
-
* [x] change files new with isduba to `SPDX-License-Identifier: Apache-2.0`
* [x] licensing section on the front page, much like the csaf_distribution section, but give the copyright holder.
* …
-
In the aggregator schema, we have a typo:
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L178
lists `mirror` as …